Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments
- 3h 33m
- Matt Burrough
- No Starch Press
- 2018
A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.
You'll learn how to:
- Find security issues related to multi-factor authentication and management certificates
- Make sense of Azure's services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
- Discover security configuration errors that could lead to exploits against Azure storage and keys
- Uncover weaknesses in virtual machine settings that enable you to and acquire passwords, binaries, code, and settings files
- Penetrate networks by enumerating firewall rules
- Investigate specialized services like Azure Key Vault and Azure Websites
- Know when you might be caught by viewing logs and security events
Packed with real-world examples from the author's experience as a corporate penetration tester, sample scripts from pen-tests and "Defenders Tips" that explain how companies can reduce risk, Pentesting Azure Applications provides a clear overview of how to effectively perform security tests so that you can provide the most accurate assessments possible.
About the Author
Matt Burrough is a senior penetration tester on a corporate red team, where he assesses the security of cloud computing services and internal systems. He holds a bachelor's degree in networking, security, and system administration from Rochester Institute of Technology and a master's degree in computer science from the University of Illinois at Urbana-Champaign.
In this Book
-
Foreword
-
Introduction
-
Preparation
-
Access Methods
-
Reconnaissance
-
Examining Storage
-
Targeting Virtual Machines
-
Investigating Networks
-
Other Azure Services
-
Monitoring, Logs, and Alerts
-
Glossary
